💚 Cannot run makepkg as root

TaylorBeeston · Jul 29, 2024 · 5aa4a58 · 5aa4a58
1 parent c31bb02
commit 5aa4a58
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/.github/workflows/release-plz.yaml b/.github/workflows/release-plz.yaml
@@ -39,6 +39,11 @@ jobs:
       - name: Install git and gnupg
         run: pacman -Syu --noconfirm git gnupg openssh
 
+      - name: Create non-root user
+        run: |
+          useradd -m builder
+          echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
+
       - name: Update PKGBUILD
         run: |
           version=$(grep '^version =' Cargo.toml | sed 's/.*= "\(.*\)"/\1/')
@@ -48,23 +53,27 @@ jobs:
 
       - name: Generate .SRCINFO
         run: |
-          makepkg --printsrcinfo > .SRCINFO
+          chown -R builder:builder .
+          sudo -u builder makepkg --printsrcinfo > .SRCINFO
 
       - name: Import GPG key
         env:
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
         run: |
+          sudo -u builder bash << EOF
           echo "$GPG_PRIVATE_KEY" | gpg --batch --import
           echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
           echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
           gpg-connect-agent reloadagent /bye
+          EOF
 
       - name: Publish to AUR
         env:
           AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
           GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
         run: |
+          sudo -u builder bash << EOF
           mkdir -p ~/.ssh
           echo "$AUR_SSH_PRIVATE_KEY" > ~/.ssh/aur
           chmod 600 ~/.ssh/aur
@@ -81,3 +90,4 @@ jobs:
           git add PKGBUILD .SRCINFO
           echo $GPG_PASSPHRASE | git commit -S -m "Update to version $(grep -oP '(?<=pkgver=)\S+' PKGBUILD)"
           git push
+          EOF